Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/04/19 12:0 a.m.31 views

WordPress plugin Autolinks cross-site request forgery vulnerability

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin Autolinks has a cross-site request forgery vulnerability, which can be exploited by remote attackers to perform...

5.4CVSS1.2AI score0.00304EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/18 12:0 a.m.31 views

Amazon AWS VPN Client has an unspecified vulnerability

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...

7CVSS1.8AI score0.00518EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows Telephony Serve Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Telephony Server. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An...

7.8CVSS8.2AI score0.00848EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

RiteCMS path traversal vulnerability

RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...

8.5CVSS4.2AI score0.20963EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Unspecified vulnerability in iot-device-sdk-embedded-c

iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...

7.8CVSS3.6AI score0.00217EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft Windows Hyper-V Shared Virtual Hard Disks, a tool from Microsoft Corporation that provides hardware virtualization. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker...

6.8CVSS1.1AI score0.02541EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows iSCSI Target Service Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows iSCSI Target Service. The vulnerability arises from a configuration or other error in the operation of a networked...

6.5CVSS7.3AI score0.02334EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.31 views

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2022-62516)

Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA. Microsoft Windows Win32k has an elevation of privilege vulnerability that could be exploited by attackers to execute arbitrary code with elevated privileges...

8.5CVSS7.5AI score0.09415EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.31 views

Jenkins promoted builds Plugin cross-site scripting vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in the Jenkins promoted builds Plugin, which stems from the application not...

5.4CVSS1.8AI score0.00782EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/13 12:0 a.m.31 views

KevinLAB Building Energy Management System跨站请求伪造漏洞

KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea.A cross-site request forgery vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0 and is currently No detailed vulnerability details are available...

6.5CVSS3.6AI score0.01415EPSS
Exploits2References1
CNVD
CNVD
added 2022/04/07 12:0 a.m.31 views

Huawei HarmonyOS Business Logic Error Vulnerability (CNVD-2022-53579)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A business logic error vulnerability exists in the Huawei HarmonyOS communication module. The vulnerability stems from a business logic error in the...

7.5CVSS7.4AI score0.0079EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/01 12:0 a.m.31 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57816)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute HTML or JavaScript code with t...

6.1CVSS3.2AI score0.00874EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.31 views

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65621)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute code in the context of the current process...

7.8CVSS4.5AI score0.01911EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.31 views

KONGA elevation of privilege vulnerability

KONGA is a full-featured open source, multi-user GUI from Dutch individual developer Panagis Tselentis. version 0.14.9 of KONGA contains an elevation of privilege vulnerability that could be exploited by attackers to gain full administrative access...

6.2AI score
Exploits2References1
CNVD
CNVD
added 2022/03/18 12:0 a.m.31 views

Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...

6.1CVSS3.1AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

Huawei Emui and Magic UI Denial of Service Vulnerability (CNVD-2022-20298)

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. a denial of service vulnerability exists in Huawei Emui and Magic UI, which stems from copying the input buffer in the video framework without checking its size. An attacker...

7.8CVSS2.9AI score0.00725EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

Mattermost Server Buffer Overflow Vulnerability (CNVD-2022-65355)

Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost Server versions 6.3.2 and below, which stems from the fact that Mattermost Server's document extractor does not properly validate data boundaries when performing...

6.5CVSS2.6AI score0.00888EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

Huawei Emui and Magic UI Nearby module licensing issue vulnerability

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI Nearby modules are vulnerable to authorization issues that could be exploited by attackers to compromise availability and integrity...

9.1CVSS3.2AI score0.00695EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.31 views

TP-Link Omada Controller Software Licensing Issue Vulnerability

TP-Link Omada Controller Software is a set of software from Tp-link that supports the management of wireless access points.TP-Link Omada Controller Software versions prior to 5.0.15 are vulnerable to authorization issues, which stem from a lack of authentication measures or insufficient...

7.5CVSS4AI score0.01764EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.31 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59681)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...

7.8CVSS6.3AI score0.02158EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.31 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2022-20139)

Microsoft Office is an office software suite of products from Microsoft Corporation USA. Microsoft Office Visio is vulnerable to remote code execution. The vulnerability is due to a boundary error in the processing of EMRCOMMENTEMFPLUS records in EMF images. A remote attacker could exploit this...

7.8CVSS4.2AI score0.02847EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/10 12:0 a.m.31 views

Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CNVD-2022-84602)

Microsoft Windows Common Log File System Driver is a Common Log File System CLFS API from Microsoft that provides a common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An information disclosure vulnerability exists in...

5.5CVSS6.7AI score0.01054EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.31 views

Google Chrome Autofill Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...

6.5CVSS7.3AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/09 12:0 a.m.31 views

Microsoft Defender permission permission and access control issues vulnerability

Microsoft Defender is a threat protection software from Microsoft Corporation USA. Microsoft Defender for IoT is vulnerable to privilege permission and access control issues. No details of the vulnerability are currently available...

7.8CVSS3.1AI score0.01043EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.31 views

Google Chrome ANGLE buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. Google Chrome ANGLE is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.4AI score0.01153EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.31 views

Simple Bakery Shop Management SQL Injection Vulnerability

Simple Bakery Shop Management is a bakery management system. simple Bakery Shop Management is vulnerable to SQL injection and no detailed vulnerability details are available at this time...

7.5CVSS2.1AI score0.01195EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/04 12:0 a.m.31 views

Qt path traversal vulnerability

Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...

7.5CVSS2.9AI score0.0193EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.31 views

WordPress WS Form plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WS Form plugin prior to 1.8.176, which stems from the WS...

4.8CVSS2AI score0.00588EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.31 views

Maxsite CMS File Upload Vulnerability

MaxSite CMS is a web content management system from the Russian MaxSite CMS open source project. Maxsite CMS is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via crafted PHP files...

9.8CVSS5.6AI score0.02785EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.31 views

Tp-link TL-WR840N Remote Code Execution Vulnerability

The Tp-link TL-WR840N is a wireless router from China Pulian Tp-link.A remote code execution vulnerability exists in the Tp-link TL-WR840N, which stems from a remote code execution RCE vulnerability found to be contained via the oal wan6 setIpAddr function. No detailed vulnerability details are...

9.8CVSS3.6AI score0.39776EPSS
Exploits3References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.31 views

JetBrains TeamCity Code Issue Vulnerability (CNVD-2022-18623)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity has a code issue vulnerability that stems from the product's...

5.3CVSS2.1AI score0.00646EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/25 12:0 a.m.31 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17683)

Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that can be exploited by attackers to cause unauthorized creation, deletion, or modification of critical data or all MySQL Server-accessible data...

5.9CVSS4.9AI score0.01296EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.31 views

Unspecified Vulnerability in IBM Planning Analytics (CNVD-2022-13923)

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics that stems from the vulnerability of IBM...

7.8CVSS7.7AI score0.00736EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.31 views

Cobbler has an unspecified vulnerability (CNVD-2022-18325)

Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installation environments. security vulnerabilities exist in versions of Cobbler prior to 3.3.1, stemming from files in /etc/cobbler that are publicly readable, two of which contain some sensitiv...

7.1CVSS2.7AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/22 12:0 a.m.31 views

Expat integer overflow vulnerability (CNVD-2022-18355)

Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists prior to Expat 2.4.5, which stems from the presence of an integer overflow in storeRawNames. No detailed vulnerability details are currently available...

9.8CVSS4.8AI score0.04781EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.31 views

snapd competition condition issue vulnerability

Snapd is an open source, cross-platform package management tool. snapd is vulnerable to a contention issue, which can be exploited by local attackers to gain root privileges and execute arbitrary code to gain privilege escalation by binding to mount their own content in snap's private mount...

7.8CVSS5.8AI score0.00966EPSS
Exploits4References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.31 views

KiCad buffer overflow vulnerability

Kicad is a free software for printed circuit board design from the KiCad Eda community. A security vulnerability exists in KiCad EDA, which stems from a stack buffer overflow vulnerability in the Viewer gerber and excellon GCodeNumber parsing functions in KiCad EDA 6.0.1 and master branches. An...

7.8CVSS4.6AI score0.0146EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.31 views

vim buffer overflow vulnerability (CNVD-2022-11188)

Vim is an editor based on the UNIX platform. A buffer overflow vulnerability exists in vim, which could be exploited by an attacker to input a specially crafted file, leading to a crash or code execution...

8.4CVSS4.1AI score0.01541EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/15 12:0 a.m.31 views

Adobe Illustrator null pointer dereference vulnerability (CNVD-2022-15929)

Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has a security vulnerability that could be exploited by attackers to launch an application denial of service in the context of the current user...

5.5CVSS4.6AI score0.01714EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/14 12:0 a.m.31 views

Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2022-15940)

Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator is vulnerable to a buffer overflow vulnerability that could be exploited to execute arbitrary code in the context of the current user...

7.8CVSS4.4AI score0.04279EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/14 12:0 a.m.31 views

D-Link DIR-X1860 has unspecified vulnerabilities

The D-Link Dir-X1860 is a dual-band router from D-Link China.A security vulnerability exists in the D-Link DIR-X1860, which stems from a reflected cross-site scripting attack in the D-Link DIR-X1860 web application prior to v1.10WWB09 Beta, which can be exploited by an attacker to sending a...

6.1CVSS2.4AI score0.02375EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.31 views

Xwiki Platform Cross-Site Scripting Vulnerability (CNVD-2022-13409)

Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. Xwiki Platform is vulnerable to cross-site scripting, which can be exploited to upload SVGs containing scripts executed when performing download operations on files when using the default...

5.4CVSS1.5AI score0.0087EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/09 12:0 a.m.31 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10275)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a buffer overflow vulnerability that can be exploited to write fixed...

7.5CVSS3.6AI score0.00264EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.31 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09135)

Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit this vulnerability to corrupt or delete...

4.9CVSS5.3AI score0.01856EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.31 views

GPAC Buffer Overflow Vulnerability (CNVD-2022-07643)

GPAC is an open source multimedia framework. Version v1.0.1 of GPAC has a security vulnerability that stems from a heap-based buffer overflow vulnerability in the gfisomdoviconfigget function of MP4Box, which could be exploited by an attacker to cause a denial of service or execute arbitrary code...

7.8CVSS7.4AI score0.01127EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.31 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17692)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to corrupt or delete data...

6.3CVSS4.5AI score0.76548EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.31 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15488)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...

5.3CVSS3AI score0.07748EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.31 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17693)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to corrupt or delete data...

6.3CVSS4.5AI score0.78951EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.31 views

Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05875)

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

6.1CVSS1.6AI score0.00946EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.31 views

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2022-72758)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited to run JavaScript in the context of the...

4.3CVSS1.8AI score0.00797EPSS
Exploits0Affected Software5
Total number of security vulnerabilities5000